Search LIKE operator and security, php, MySQL

Tell me how to properly organize a search with the LIKE operator. The site searches a text field in the database (PHP, MySQL) through "... where pole like '%blabla%' ...". As I understand it, this is not safe; please advise how best to do it.
It turns out that any value can be passed to the LIKE operator, since any values from the search string on the site are substituted there.
As an example:

mysql_query("SELECT * FROM songs WHERE songname LIKE '$searchData%'");

Answer 1, authority 100%

// Escape characters that are special inside an SQL string literal
$query = mysql_real_escape_string($searchData);
mysql_query("SELECT * FROM songs WHERE songname LIKE '$query%'");

But this extension is deprecated. It is better to use PDO or MySQLi; they also have methods for escaping a string before using it in a query.

http://php.net/manual/en/pdo.quote.php – PDO

http://php.net/manual/en/mysqli.real-escape-string.php – MySQLi
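
Added example, not part of the original answer: the same prefix search on songs.songname written as a PDO prepared statement. It goes beyond the escaping calls linked above by binding the value as a parameter and by escaping the LIKE wildcards % and _ in the input. Assumptions: an in-memory SQLite database and constructed rows so it runs offline; escapeLike, searchSongs and the ! escape character are names chosen for this illustration.

```php
<?php
// Added example; table rows below are constructed sample data.
// Assumption: in-memory SQLite through PDO so the script runs offline.
// For MySQL only the arguments to new PDO(...) change.

// Escape LIKE metacharacters so the user's text matches literally.
function escapeLike(string $value, string $escapeChar = '!'): string
{
    return str_replace(
        [$escapeChar, '%', '_'],
        [$escapeChar . $escapeChar, $escapeChar . '%', $escapeChar . '_'],
        $value
    );
}

// Prefix search on songs.songname. $searchData is bound as a parameter,
// so it never becomes part of the SQL text.
function searchSongs(PDO $pdo, string $searchData): array
{
    $stmt = $pdo->prepare(
        "SELECT songname FROM songs
         WHERE songname LIKE :pattern ESCAPE '!'
         ORDER BY songname"
    );
    // The trailing % is the only active wildcard and is added by the code.
    $stmt->execute([':pattern' => escapeLike($searchData) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE songs (songname TEXT)');
$insert = $pdo->prepare('INSERT INTO songs (songname) VALUES (?)');
foreach (['Yesterday', 'Yellow', '100% Pure Love', '100 Years', "Don't Stop"] as $name) {
    $insert->execute([$name]);
}

$inputs = [
    'Ye',     // ordinary prefix
    "Don't",  // single quote in the input
    '100%',   // input containing a LIKE wildcard
    '%',      // wildcard only
];
foreach ($inputs as $searchData) {
    echo json_encode($searchData), ' => ',
         json_encode(searchSongs($pdo, $searchData)), PHP_EOL;
}
```

The explicit ESCAPE '!' clause avoids relying on MySQL's default backslash escape, which would otherwise need extra escaping inside the string literal.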
